feat: registerAuthWhitelist 强制增加插件名前缀

避免越权申请白名单的问题(表面防止)
3 years ago · 56387371ab
parent 8e4908fced
commit 56387371ab
7 changed files with 9 additions and 13 deletions
--- a/server/packages/sdk/src/services/base.ts
+++ b/server/packages/sdk/src/services/base.ts
@ -285,15 +285,15 @@ export abstract class TcService extends Service {
  /**
   * 注册跳过token鉴权的路由地址
-   * @param urls 鉴权路由
+   * @param urls 鉴权路由 会自动添加 serviceName 前缀
-   * @example "/user/login"
+   * @example "/login"
   */
  registerAuthWhitelist(urls: string[]) {
    this.waitForServices('gateway').then(() => {
      this.broker.broadcast(
        'gateway.auth.addWhitelists',
        {
-          urls,
+          urls: urls.map((url) => `/${this.serviceName}${url}`),
        },
        'gateway'
      );
--- a/server/plugins/com.msgbyte.github/services/subscribe.service.ts
+++ b/server/plugins/com.msgbyte.github/services/subscribe.service.ts
@ -48,9 +48,7 @@ class GithubSubscribeService extends TcService {
    });
    this.registerAction('webhook.callback', this.webhookHandler);
-    this.registerAuthWhitelist([
+    this.registerAuthWhitelist(['/webhook/callback']);
      '/plugin:com.msgbyte.github.subscribe/webhook/callback',
    ]);
  }
  protected onInited(): void {
--- a/server/plugins/com.msgbyte.prettyinvite/services/prettyinvite.service.ts
+++ b/server/plugins/com.msgbyte.prettyinvite/services/prettyinvite.service.ts
@ -68,7 +68,7 @@ class PrettyinviteService extends TcService {
      },
    });
-    this.registerAuthWhitelist(['/plugin:com.msgbyte.prettyinvite/badge']);
+    this.registerAuthWhitelist(['/badge']);
  }
  async badge(
--- a/server/plugins/com.msgbyte.simplenotify/services/simplenotify.service.ts
+++ b/server/plugins/com.msgbyte.simplenotify/services/simplenotify.service.ts
@ -58,9 +58,7 @@ class SimpleNotifyService extends TcService {
      },
    });
-    this.registerAuthWhitelist([
+    this.registerAuthWhitelist(['/webhook/callback']);
      '/plugin:com.msgbyte.simplenotify/webhook/callback',
    ]);
  }
  protected onInited(): void {
--- a/server/services/core/config.service.ts
+++ b/server/services/core/config.service.ts
@ -42,7 +42,7 @@ class ConfigService extends TcService {
      },
    });
-    this.registerAuthWhitelist(['/config/client']);
+    this.registerAuthWhitelist(['/client']);
  }
  /**
--- a/server/services/core/user/user.service.ts
+++ b/server/services/core/user/user.service.ts
@ -201,7 +201,7 @@ class UserService extends TcService {
      visibility: 'public',
    });
-    this.registerAuthWhitelist(['/user/forgetPassword', '/user/resetPassword']);
+    this.registerAuthWhitelist(['/forgetPassword', '/resetPassword']);
  }
  /**
--- a/server/services/openapi/bot.service.ts
+++ b/server/services/openapi/bot.service.ts
@ -24,7 +24,7 @@ class OpenBotService extends TcService {
      visibility: 'public',
    });
-    this.registerAuthWhitelist(['/openapi/bot/login']);
+    this.registerAuthWhitelist(['/bot/login']);
  }
  /**